Privacy Policy

Introduction

We take protecting your privacy very seriously. Please read the following to learn more about how snapIoT, Inc. (“snapIoT,” “we,” “us,” “our”) uses and protects information collected through our website and apps.

By using the website and/or app (collectively known as "the app"), you acknowledge that you accept the practices and policies described in this Privacy Policy.

What does this privacy policy cover?

This Privacy Policy covers our treatment of personally identifiable information (“Personal Information”) that we gather when you are accessing or using the app. This Privacy Policy does not apply to the practices of companies or institutions that we do not own or control, or to individuals who we do not employ or manage.

Your use of the app will allow you to provide us with Personal Information as outlined within the study materials. The app may collect your Personal Information for the purposes of a research study being conducted by one of our clients.

This Privacy Policy does not apply to our client's data, and we are not responsible for our clients’ handling of your data. Our clients have their own policies regarding the collection, use, and disclosure of your Personal Information. Our use of client's data is subject to the written agreement for services between snapIoT and the client that in no way involves the sale of your data. snapIoT's responsibility under that agreement is the obligation to keep Personal Information safe and secure.

snapIoT has no control or ownership of our client's data. Please direct any questions regarding your Personal Information to the client which collected your information using the snapIoT application. To learn about how a particular client handles your Personal Information, we encourage you to read that client's privacy statement or contact them directly.

What information does the app collect?

The app may obtain information from you in two ways. The first is information that you manually enter into the app (e.g., survey responses). The second is information that the app collects automatically about you from your device and/or wearable technology. The Informed Consent will tell you what information the app will be collecting. You may choose not to provide us with certain information. Some items automatically collected will be under your control and you may choose whether or not to provide this information by disabling/enabling this feature. If you choose to share information through and with the app (e.g. the number of steps that you have taken from the HealthKit app on your iPhone), once that information is collected through the app, it is covered by this privacy policy.

This app may also automatically receive technical information relating to your usage of the app such as your internet protocol address, operating system, device, features used, the dates and times of your interactions with the app and other information. We may use this information to understand, customize and improve user experience with the app and the study. For example, we may engage analytics services to analyze this information in order to help us understand how visitors engage with and navigate the app, and how and when features within the app are used and by how many users. We do not use cookies, beacons, or device fingerprinting.

We do not knowingly collect or solicit Personal Information from anyone under the age of 18, or knowingly allow such persons to register for the app without parental consent. If you are under 18, you must not attempt to register for the app and you must not send any information about yourself to us, including but not limited to your name, address, telephone number, or email address without parental consent. In the event that we learn that we have collected Personal Information from a person under age 18 without parental consent, we will delete that information. If you believe that we might have any information from or about a person under the age of 18, please contact us using the details below.

Is personal information about me secure?

All information that is collected through the app will be encrypted and electronically sent to a secure data server run by snapIoT. We replace the direct identifiers (your name, email address, and date of birth) with a code to help protect your identity, snapIoT encrypts the direct identifiers and stores them separately. The coded, de-identified study data and consent forms will be transferred electronically to a secure data repository. The data will be securely stored according to local regulations using Amazon Web Services. Refer to your consent form to see how we handle your study data.

Access to the app on your smart device will be protected by a passcode you select after enrolling in a study. This will need to be entered every time you access the study. You should take steps to prevent unauthorized access to your account and Personal Information by selecting and protecting your credentials appropriately and limiting access to your smart device.

The security of your personal information is important to us. While we take a number of organizational, technical, and physical measures designed to protect your Personal Information, no security safeguards can guarantee 100% security of your information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your Personal Information at any time.

The app may contain links to external websites. We are not responsible for the privacy policies and/or practices on websites that may be accessed through these links. When following a link to another website, you should read that website’s privacy policy and make sure that you agree with it and can accept it.

Will we share any of your information?

Except as described in this privacy policy, we will not sell, rent, lease, give away, disclose, or share your Personal Information that we collect through the app to third parties without your consent.

We reserve the right to disclose information collected through the app as required by law, when we believe disclosure is necessary to comply with a regulatory requirement, judicial proceeding, court order, or legal process served on us, or to protect the safety, rights, or property of those involved.

As indicated in the informed consent form for the study, we may share your de-identified, coded study data with research partners or with researchers as permitted by the study.

The app will ask for specific permission to share your information with other qualified researchers outside of the study. It is your choice whether to allow this sharing. Please review the informed consent form for the details of that sharing and refer to snapIoT’s privacy policy related to that sharing.

What Personal Information can I access?

Within the app, you may be able to review and amend certain Personal Information. If you wish to access, rectify, delete, or block any of the Personal Information, you may contact us using the details below.

Please note that while any changes you make will be reflected in active user databases within a reasonable period of time, we may maintain a copy of all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, as permitted by applicable law.

You can withdraw from the study at any time. Please note that if you withdraw from the study, we will stop collecting new data from you via the app, but the coded study data that you have already provided may not be destroyed or deleted.

Changes to our Privacy Policy

This privacy policy is effective as of May 18th, 2020. We may change this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. In the event that any changes to this privacy policy materially alter your rights or obligations under this privacy policy, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the app for the first time after such material changes are made. Your continued use of the app after the revised privacy policy has become effective indicates that you have read, understood and agreed to the then-current version of this privacy policy.

Contact

If you have any questions, comments or requests regarding this privacy policy or our processing of your information, please contact us at privacy@snapiot.com.

Or write to us at:
snapIoT Inc.
16870 West Bernardo Drive, Suite 120
San Diego, CA 92127
Attn: Data Privacy Office
European users:
snapIoT Inc.
Via delle Conce, 20
00154, Roma, Italy
Attn: Data Privacy Office

Additional information for California users

This section applies solely California residents, and explains your rights under the California Consumer Privacy Act (CCPA).

The CCPA grants California residents the following rights:

Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request. Certain clinical research data receives exemption as stipulated in the CCPA. Personal information that may jeopardize a clinical trial will not be released, such as in cases of on-going blinded studies where release of data will damage the validity of the research.

As snapIoT is a data processor, individuals who seek to access, modify, or delete personal data, should contact the snapIoT customer, the data owner, whom our platform or applications collected your personal data on behalf of. In some instances, you may be able to perform these operations yourself through our applications.

Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a request to us by sending an email to:
privacy@snapiot.com, Attn: Data Privacy Office
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child. Once we receive your request and confirm your identity, we will process your request within forty-five (45) days. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If exercising your deletion rights, we will delete your personal information from our records, unless an exception applies. If an exception applies, you will be notified that the data will not be deleted, along with specific information about the basis for the exception.

Additional information for European Union, United Kingdom, and Swiss users / Privacy Shield statement

snapIoT's Privacy Policy sets forth the principles that snapIoT follows in connection with the transfer of personal information from European Economic Area (EEA) member countries, the United Kingdom, and Switzerland to the United States of America (U.S.). snapIoT values the trust of its users and respects individual privacy, including personal information of all users.

Scope: snapIoT complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. snapIoT has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Data processed and purposes of data processing: snapIoT provides an online platform and applications for our customers to manage aspects of their businesses including the collection, processing, and storage of clinical data pertaining to the conduct of clinical trials. snapIoT's customers decide what data to collect within our platform or applications, which may include information about their users, employees, and clinical trial patients. snapIoT processes this data as instructed by our customers and does not own or control its customer’s personal data.

Third parties who may receive personal information: snapIoT only discloses personal data as instructed by our customers. snapIoT's accountability for personal information that it receives under Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, snapIoT remains responsible and liable under the Privacy Shield Principles if third party agents that it engages to process the personal information on its behalf, do so in a manner inconsistent with the Privacy Shield Principles, unless snapIoT proves that it is not responsible for the event giving rise to the damage.

Compelled disclosure: snapIoT may be required to disclose personal information received from EEA member countries and Switzerland in reliance on Privacy Shield in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.

Rights to access, limit use, and limit disclosure: Pursuant to the Privacy Shield Frameworks, EEA, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. As snapIoT is a data processor, individuals who seek to access, modify, or delete personal data, should contact the snapIoT customer, the data owner, whom our platform or applications collected your personal data on behalf of. In some instances, you may be able to perform these operations yourself through our applications. If the snapIoT customer requests snapIoT to remove the personal data to comply with data protection regulations, snapIoT will respond to our customer’s request within 45 days.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@snapiot.com.

Inquiries and complaints: In compliance with the Privacy Shield Principles, snapIoT commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact snapIoT's Privacy Office by emailing us at:
privacy@snapiot.com, Attn: Data Privacy Office
Or in writing at:
snapIoT Inc.
16870 West Bernardo Drive, Suite 120
San Diego, CA 92127
Attn: Data Privacy Office

snapIoT has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

U.S. Federal Trade Commission enforcement: snapIoT's commitments under the Privacy Shield Framework are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).